Skip to main content

Apple Mac OS X Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 31 Mar 2010 5643 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.

1. A boundary error in AppKit within the feature used by Cocoa applications to spell check documents can be exploited to cause a buffer overflow.

2. A timing error in the Application Firewall may result in certain rules becoming inactive after restart.

3. An access control error in AFP Server may allow mounting of AFP shares as a guest even though guest access is disabled.

4. An error exists in the path validation for shares in AFP Server and can be exploited via directory traversal attacks to read or write files accessible by the "nobody" user.

5. An error in Apache can be exploited to bypass certain security restrictions.

6. A configuration error in ClamAV introduced by a previous Security Update may prevent freshclam from running, causing virus definitions to not receive updates.

7. Two boundary errors in CoreAudio when handling QDM2 and QDMC encoded audio content can be exploited to corrupt memory.

8. An error in CoreMedia when playing H.263 encoded movie files can be exploited to cause a heap-based buffer overflow.

9. Missing checks in CoreTypes for ".ibplugin" and ".url" content types may result in users not being warned before opening potentially unsafe content via e.g. Safari.

10. An error in the "lppasswd" CUPS utility can be exploited to gain escalated privileges.

11. An error exists in curl when processing X.509 certificate fields and can be exploited to conduct spoofing attacks.

12. A security issue in curl when handling the HTTP "Location" header can potentially be exploited to execute arbitrary commands.

13. A boundary error in Cyrus IMAP when handling Sieve scripts can potentially be exploited to execute arbitrary code.

14. A boundary error in the authentication module of Cyrus SASL can potentially be exploited to execute arbitrary code.

15. A security issue in DesktopServices when performing an authenticated copy in the Finder may result in items copied to be assigned an unexpected file owner.

16. A security issue in DesktopServices may result in files being saved to a malicious share if a user has been tricked into mounting it via an URL scheme and then e.g. saves a file using the default save panel in any application, uses "Go to folder", or drags a folder to the save panel.

17. An error in the Disk Images component when handling bzip2 compressed disk images can be exploited to corrupt memory when a specially crafted disk image is mounted.

18. A design error in the Disk Images component when handling Internet enabled disk images containing a package file type causes it to be opened instead of displayed in the Finder.

19. A security issue when handling record names in Directory Services can be exploited to gain escalated privileges.

20. An access control error in Dovecot when Kerberos authentication is enabled allows users to send and receive mails even if the user is not permitted to do so in the service access control list (SACL).

21. A security issue in Event Monitor when handling resolved DNS names of remote ssh clients can be exploited to add arbitrary hosts to the firewall blacklist.

22. An error in the default configuration of FreeRADIUS allows using EAP-TLS with an arbitrary valid certificate to authenticate.

23. An input validation error in FTP Server can be exploited by malicious users to retrieve files outside the FTP root directory via directory traversal attacks.

24. An error in iChat Server within jabberd's handling of SASL negotiation can be exploited to cause a DoS (Denial of Service).

25. A design error in iChat Server within the support for configurable group chat logging causes only certain message types to be logged.

26. Unspecified boundary errors and a use-after-free error in iChat Server can be exploited to corrupt memory or cause stack-based buffer overflows.

27. An error in ImageIO when parsing JP2 images can be exploited to cause a heap-based buffer overflow.

28. Multiple vulnerabilities in ImageIO when handling BMP and TIFF images can be exploited to disclose certain data from the browser's memory or cause memory corruption.

29. Two errors in Image RAW when handling NEF and PEF images can be exploited to cause buffer overflows.

30. An error in Libsystem when converting data between binary floating point and text can be exploited to cause a buffer overflow.

31. An error in Mail causes user-defined rules associated with a deleted mail account to remain in effect.

32. A logic error in Mail when handling encryption certificates where multiple certificates exist in the keychain for a recipient may result in use of a weaker encryption key for outgoing mail.

33. Various vulnerabilities in Mailman can be exploited to conduct script insertion attacks.

34. Various vulnerabilities exist in the bundled version of MySQL.

35. An error exists in OS Services as SFLServer runs as group "wheel" and accesses files in users' home directories.

36. An error in Password Server when handling replication may result in passwords not being replicated, allowing log-in with outdated passwords.

37. Various race condition errors exist in the bundled version of perl.

38. Various vulnerabilities exist in the bundled versions of PHP.

39. An error in Podcast Producer results in access restrictions being removed when overwriting a Podcast Composer workflow.

40. A security issue exists in Preferences when handling logins of network accounts at the Login Window which can be exploit to bypass login restrictions.

41. An error in PS Normalizer when parsing PostScript files can be exploited to cause a stack-based buffer overflow.

42. Multiple vulnerabilities in QuickTime when handling H.261, H.263, H.264, RLE, M-JPEG, Sorenson, FlashPix, FLC, and MPEG encoded movie files can be exploited to corrupt memory or cause heap-based buffer overflows.

43. Various vulnerabilities exist in the bundled version of Ruby.

44. A design error in Server Admin can be exploited to anonymously extract information from Open Directory even if the "Require authenticated binding between directory and clients" option is enabled.

45. An error in Server Admin allows former members of the "admin" group to connect to the server using screen sharing.

46. An error in SMB can be exploited to cause a DoS (Denial of Service).

47. Multiple vulnerabilities exist in the bundled version of Tomcat.

48. An uninitialised pointer error exists in unzip when extracting zip files.

49. Various vulnerabilities exist in the bundled version of vim.

50. An error in Wiki Server can be exploited to gain knowledge of sensitive information by uploading active content (e.g. Java applets).

51. An error in Wiki Server can be exploited to bypass weblog creation restrictions as the weblog SACL is not consulted during the creation of a user's weblog.

52. Vulnerabilities exist in the bundled versions of libpng and xterm in X11.

53. A design error in xar when validating package signatures may result in manipulated packages appearing as validly signed.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Mac OS X version 10.5.8 and prior
  • Mac OS X Server version 10.5.8 and prior
  • Mac OS X versions 10.6 through 10.6.2
  • Mac OS X Server versions 10.6 through 10.6.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Mac OS X Server v10.6.3 Update (Combo) :
http://support.apple.com/kb/DL1019

Mac OS X Server v10.6.3 Update :
http://support.apple.com/kb/DL1020

Mac OS X v10.6.3 Update (Combo) :
http://support.apple.com/kb/DL1017

Mac OS X v10.6.3 Update :
http://support.apple.com/kb/DL1018

Security Update 2010-002 (Leopard-Client) :
http://support.apple.com/kb/DL1021

Security Update 2010-002 (Leopard-Server) :
http://support.apple.com/kb/DL1022


Vulnerability Identifier


Source


Related Link